A deep learning‐based attack on text CAPTCHAs by using object detection techniques

Abstract

Text-based CAPTCHAs have been widely deployed by many popular websites, and many have been attacked. However, most previous cracks were based on classification algorithms that typically rely on a series of preprocessing operations or on many training samples, thus making such attacks complicated and costly. In this study, a simple, generic, fast and end-to-end attack based on advanced object detection technologies is introduced. The proposed attack combines a feature extraction module, a character location and recognition module and a coordinate matching module. The experiments show that the attack can break a wide range of real-world text CAPTCHAs deployed by the 50 most popular websites on Alexa.com and that the method achieves a high attack accuracy with only 2000 samples at an attack speed of less than 0.10 s. The attack was also evaluated on four click-based CAPTCHAs that cannot be attacked in the end-to-end manner used by previous attacks, and the results demonstrated that within one step, the proposed approach achieves high success rates on both click-based CAPTCHAs and schemes based on large-scale character sets, such as Chinese character sets.